The Health Insurance Portability and Accountability Act (HIPAA) sets specific guidelines for almost any site that stores or transmits Personal Health Information (PHI). This may be in one location or between different locations. It could be internal or external, but the same safeguards are still required. The Security Rule and the Privacy Rule require technical and physical controls over the integrity and privacy of PHI. Additionally, access to PHI has to be restricted to only authorized personnel.

1. Conduct a Risk Assessment
Section 164.308(a)(1) of HIPAA requires a company to conduct a risk analysis before any solution is implemented. It is important to know your network's vulnerabilities. Officials must understand what type of information might get exposed, who might expose it, and the way in which it could be exposed. The outcome of this analysis will facilitate the creation of security policies and procedures.

2. Have a Multi-Layer Approach
A single technology cannot provide complete protection. Implementing firewalls, anti-virus software, anti-spam, and intrusion prevention are just some of the things required to keep patient data completely secure. Your production environment needs to be protected from your development environment. You must know what attacks are taking place at each layer of security.

3. Don’t Ignore Email
More patient data is breached through email than through any other source. It is crucial to have secure email and full content filtering. You need both inbound and outbound filters for personal health information protection.

4. Implement Policies
Employees have to be educated on the security policies of your organization, why the policies are important, and how to protect confidential information. Electronic security training is the first step in this important process. Implement a security awareness and training program for all members of the workforce, including management.

5. Back Up Your Data Offsite (Securely)
Offsite data backup is among the easiest and safest alternatives to the outdated tape method. Offsite data backup offers multiple encryption methods, sophisticated file search, and complete automation. You can recover your data swiftly and test your backup information quickly for accuracy and completeness.

Gary Bahadur
http://www.kraasecurity.com
http://blog.kraasecurity.com
http://twitter.com/kraasecurity